From b820d3969583162c827c1c6aca92d6e5a83e87c7 Mon Sep 17 00:00:00 2001 From: Zoheb Ahmed Date: Tue, 1 Nov 2022 23:31:34 +0530 Subject: [PATCH] Added security.md file --- security/SECURITY.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 security/SECURITY.md diff --git a/security/SECURITY.md b/security/SECURITY.md new file mode 100644 index 00000000..422550ee --- /dev/null +++ b/security/SECURITY.md 
@@ -0,0 +1,35 @@ +# Security Release process: +The Assetmantle OSS team and the community takes all the security issues and vulnerability reports quite seriously. This includes all of the source code repositories under assetmantle. + +## Reporting vulnerabilities: + +Make sure to not report any kind of security vulnerability by creating a new issue on github. + +We would request you to report security vulnerabilities by emailing the Assetmantle security team at: + +`````` + +We are extremely grateful for users and vulnerability researchers that report vulnerabilities to the Assetmantle security team. We ensure that all of the security reports submitted are thoroughly investigated by our team. + +## Security vulnerability response: +Each of the security vulnerability reports are acknowledged and analyzed by the security team thoroughly. You should be receiving a response within 24 - 48 hours. However,if you do not receive a response from us, please follow up via email to ensure that we received your original message. + +The lead maintainer will acknowledge your email within 24 hours, and will send a much more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will make sure to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. + +### When should you report a vulnerability: +- When you discover a security threat that could drastically affect AssetMantle +- When you discover a vulnerability in any other project that AssetMantle depends upon. In such a case, report the security issues to those projects directly. + +You may include the information listed below in order to help us understand the nature and scope of the possible issue: +- Type of issue. +- Complete path of the source file from where the vulnerability is arising. +- Location of the source code (branch/commit/tag or direct URL). 
+- Configuration and set-up required to reproduce the issue. +- Impact of the issue +- Probable ways to solve the vulnerability +The aforementioned information would allow us to look into the report much more quickly and would allow us to identify the issue easily. + +We would make sure to keep the reporter updated as we move from fixing the issue to releasing the fix. + +## Preferred languages: +We prefer all of the communications to be in english.
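Review bot: the reporting channel is missing: the line under "We would request you to report security vulnerabilities by emailing the Assetmantle security team at:" is an empty code fence (``````), so the file tells researchers not to open a GitHub issue without giving them any address to use instead; add the actual mailbox (and, if one exists, a PGP key fingerprint) before merging. The response timelines also contradict each other: the first paragraph of "Security vulnerability response" promises a reply within 24 - 48 hours, while the next paragraph promises an acknowledgement within 24 hours and a detailed response within 48; pick one commitment and state it once. Smaller fixes: "However,if" needs a space, "english" should be "English", "Each of the security vulnerability reports are acknowledged" should read "Each security vulnerability report is acknowledged", and the project name alternates between "Assetmantle" and "AssetMantle" throughout the file.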